18 files changed, 42 insertions, 42 deletions
diff --git a/etc/firejail.config b/etc/firejail.config
index e8bf45751..c3c355e3d 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -163,12 +163,12 @@
 # Xpra server command extra parameters. None by default; this is an example.
 # xpra-extra-params --dpi 96
-# Screen size for --x11=xvfb, default 800x600x24.  The third dimension is
+# Screen size for --x11=xvfb, default 800x600x24. The third dimension is
 # color depth; use 24 unless you know exactly what you're doing.
 # xvfb-screen 640x480x24
 # xvfb-screen 800x600x24
 # xvfb-screen 1024x768x24
 # xvfb-screen 1280x1024x24
-# Xvfb command extra parameters.  None by default; this is an example.
+# Xvfb command extra parameters. None by default; this is an example.
 # xvfb-extra-params -pixdepths 8 24 32
diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc
index 4e3590fed..e4497f832 100644
--- a/etc/inc/disable-interpreters.inc
+++ b/etc/inc/disable-interpreters.inc
@@ -44,8 +44,7 @@ blacklist /usr/share/perl*
 # it is needed so that Firefox can run applications with Terminal=true in
 # their .desktop file (depending on what is installed). The reason is that
 # this is done via glib, which currently uses a hardcoded list of terminal
-# emulators:
+# emulators: https://gitlab.gnome.org/GNOME/glib/-/issues/338.
-#   https://gitlab.gnome.org/GNOME/glib/-/issues/338
 # And in this list, rxvt comes before xterm.
 blacklist ${PATH}/rxvt
diff --git a/etc/profile-a-l/1password.profile b/etc/profile-a-l/1password.profile
index 690086099..63a04330b 100644
--- a/etc/profile-a-l/1password.profile
+++ b/etc/profile-a-l/1password.profile
@@ -13,7 +13,7 @@ whitelist ${HOME}/.config/1Password
 private-etc @tls-ca
-# Needed for keychain things, talking to Firefox, possibly other things?  Not sure how to narrow down
+# Needed for keychain things, talking to Firefox, possibly other things?
 ignore dbus-user none
 # Redirect
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile
index 071a279b0..b3994c974 100644
--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -9,8 +9,8 @@ include globals.local
 # noexec /tmp is included in chromium-common.profile and breaks Brave
 ignore noexec /tmp
 # TOR is installed in ${HOME}.
-# NOTE: chromium-common.profile enables apparmor. To keep that intact
+# Note: chromium-common.profile enables apparmor. To keep that intact,
-# you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default.
+# uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default.
 # Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
 # Causes slow starts (#4604)
diff --git a/etc/profile-a-l/cachy-browser.profile b/etc/profile-a-l/cachy-browser.profile
index 4b486913e..05e1a69f1 100644
--- a/etc/profile-a-l/cachy-browser.profile
+++ b/etc/profile-a-l/cachy-browser.profile
@@ -20,14 +20,14 @@ whitelist /usr/share/cachy-browser
 #whitelist ${HOME}/.mozilla
 # To enable KeePassXC Plugin add one of the following lines to your cachy-browser.local.
-# NOTE: start KeePassXC before CachyBrowser and keep it open to allow communication between them.
+# Note: Start KeePassXC before CachyBrowser and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 # Add the next line to your cachy-browser.local to enable private-bin (Arch Linux).
 #private-bin dbus-launch,dbus-send,cachy-browser,sh
 # Add the next line to your cachy-browser.local to enable private-etc.
-# NOTE: private-etc must first be enabled in firefox-common.local.
+# Note: private-etc must first be enabled in firefox-common.local.
 #private-etc cachy-browser
 dbus-user filter
diff --git a/etc/profile-a-l/discord-ptb.profile b/etc/profile-a-l/discord-ptb.profile
index c39c0d843..265bf5615 100644
--- a/etc/profile-a-l/discord-ptb.profile
+++ b/etc/profile-a-l/discord-ptb.profile
@@ -1,17 +1,17 @@
-# Firejail profile for discord-ptb   
+# Firejail profile for discord-ptb
 # This file is overwritten after every install/update
 # Persistent local customizations
-include discord-ptb.local   
+include discord-ptb.local
 # Persistent global definitions
 include globals.local
-noblacklist ${HOME}/.config/discordptb   
+noblacklist ${HOME}/.config/discordptb
-mkdir ${HOME}/.config/discordptb   
+mkdir ${HOME}/.config/discordptb
-whitelist ${HOME}/.config/discordptb   
+whitelist ${HOME}/.config/discordptb
-private-bin discord-ptb,DiscordPTB   
+private-bin discord-ptb,DiscordPTB
-private-opt discord-ptb,DiscordPTB   
+private-opt discord-ptb,DiscordPTB
 # Redirect
 include discord-common.profile
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile
index c5fb15f74..659519ca8 100644
--- a/etc/profile-a-l/firefox.profile
+++ b/etc/profile-a-l/firefox.profile
@@ -6,7 +6,7 @@ include firefox.local
 # Persistent global definitions
 include globals.local
-# NOTE: sandboxing web browsers is as important as it is complex. Users might be
+# Note: Sandboxing web browsers is as important as it is complex. Users might be
 # interested in creating custom profiles depending on use case (e.g. one for
 # general browsing, another for banking, ...). Consult our FAQ/issue tracker for more
 # info. Here are a few links to get you going.
@@ -30,7 +30,7 @@ whitelist ${HOME}/.cache/mozilla/firefox
 whitelist ${HOME}/.mozilla
 # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
-# NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
+# Note: Start KeePassXC before Firefox and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile
index 70a302138..ddfe57879 100644
--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -53,7 +53,7 @@ dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.gnome.evolution.dataserver.*
 #dbus-user.talk org.gnome.OnlineAccounts
 #dbus-user.talk org.gnome.ControlCenter
-# NOTE: dbus-system none fails, filter without rules works.
+# Note: dbus-system none fails, filter without rules works.
 dbus-system filter
 #dbus-system.talk org.freedesktop.timedate1
 #dbus-system.talk org.freedesktop.login1
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 27feccf40..a0244ef47 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -6,9 +6,9 @@ include krunner.local
 # Persistent global definitions
 include globals.local
-# - programs started in krunner run with this generic profile
+# Programs started in krunner run with this generic profile.
-# - when a file is opened in krunner, the file viewer runs in its own sandbox
+# When a file is opened in krunner, the file viewer runs in its own sandbox
-#   with its own profile, if it is sandboxed automatically
+# with its own profile, if it is sandboxed automatically.
 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 7ddbda18c..65a4a3787 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -19,7 +19,7 @@ whitelist ${HOME}/.librewolf
 #whitelist ${HOME}/.mozilla
 # To enable KeePassXC Plugin add one of the following lines to your librewolf.local.
-# NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them.
+# Note: Start KeePassXC before Librewolf and keep it open to allow communication between them.
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
@@ -28,7 +28,7 @@ whitelist /usr/share/librewolf
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).
 #private-bin dbus-launch,dbus-send,librewolf,sh
 # Add the next line to your librewolf.local to enable private-etc.
-# NOTE: private-etc must first be enabled in firefox-common.local.
+# Note: private-etc must first be enabled in firefox-common.local.
 #private-etc librewolf
 dbus-user filter
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile
index 15474c96e..7b0135695 100644
--- a/etc/profile-m-z/minetest.profile
+++ b/etc/profile-m-z/minetest.profile
@@ -6,8 +6,9 @@ include minetest.local
 # Persistent global definitions
 include globals.local
-# In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf:
+# In order to save in-game screenshots to a persistent location,
-#   screenshot_path = /home/<USER>/.minetest/screenshots
+# edit ~/.minetest/minetest.conf:
+# screenshot_path = /home/<USER>/.minetest/screenshots
 noblacklist ${HOME}/.cache/minetest
 noblacklist ${HOME}/.minetest
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile
index bd01d4082..fd35483be 100644
--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -9,7 +9,7 @@ include globals.local
 # In order to save screenshots to a persistent location,
 # edit ~/.config/mpv/foobar.conf:
-#    screenshot-directory=~/Pictures
+# screenshot-directory=~/Pictures
 # mpv has a powerful Lua API and some of the Lua scripts interact with
 # external resources which are blocked by firejail. In such cases you need to
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index f3b0c8a49..4c463521c 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -7,7 +7,7 @@ include nodejs-common.local
 # added by caller profile
 #include globals.local
-# NOTE: gulp, node-gyp, npm, npx, semver and yarn are all node scripts
+# Note: gulp, node-gyp, npm, npx, semver and yarn are all node scripts
 # using the `#!/usr/bin/env node` shebang. By sandboxing node the full
 # node.js stack will be firejailed. The only exception is nvm, which is implemented
 # as a sourced shell function, not an executable binary. Hence it is not
diff --git a/etc/profile-m-z/noprofile.profile b/etc/profile-m-z/noprofile.profile
index db4113f94..7d0e01d98 100644
--- a/etc/profile-m-z/noprofile.profile
+++ b/etc/profile-m-z/noprofile.profile
@@ -1,17 +1,16 @@
 # This is the weakest possible firejail profile.
-# If a program still fail with this profile, it is incompatible with firejail.
+# If a program still fails with this profile, it is incompatible with firejail.
 # (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72)
 #
 # Usage:
-#   1. download
+# $ firejail --profile=noprofile.profile /path/to/program
-#   2. firejail --profile=noprofile.profile /path/to/program
 # Keep in mind that even with this profile some things are done
-# which can break the program.
+# which can break the program:
-# - some env-vars are cleared
+# - some env-vars are cleared;
-# - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes'
+# - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes';
-# - a new private pid-namespace is created
+# - a new private pid-namespace is created;
-# - a minimal hardcoded blacklist is applied
+# - a minimal hardcoded blacklist is applied;
 # - ...
 noblacklist /sys/fs
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile
index 3ff033e0b..e274b6443 100644
--- a/etc/profile-m-z/pingus.profile
+++ b/etc/profile-m-z/pingus.profile
@@ -23,8 +23,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.pingus
 whitelist ${HOME}/.pingus
+# Debian keeps games data under /usr/share/games
+whitelist /usr/share/games/pingus
 whitelist /usr/share/pingus
-whitelist /usr/share/games/pingus      # Debian keeps games data under /usr/share/games
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/rtin.profile b/etc/profile-m-z/rtin.profile
index 87aa69bcb..b1acf8b2e 100644
--- a/etc/profile-m-z/rtin.profile
+++ b/etc/profile-m-z/rtin.profile
@@ -1,6 +1,6 @@
 # Firejail profile for rtin
 # Description: ncurses-based Usenet newsreader
-#              symlink to tin, same as `tin -r`
+# symlink to tin, same as `tin -r`
 # This file is overwritten after every install/update
 # Persistent local customizations
 include rtin.local
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index 63d629a32..99317c9dc 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -133,9 +133,9 @@ whitelist ${HOME}/.steampid
 include whitelist-common.inc
 include whitelist-var-common.inc
-# NOTE: The following were intentionally left out as they are alternative
+# Note: The following were intentionally left out as they are alternative
 # (i.e.: unnecessary and/or legacy) paths whose existence may potentially
-# clobber other paths (see #4225).  If you use any, either add the entry to
+# clobber other paths (see #4225). If you use any, either add the entry to
 # steam.local or move the contents to a path listed above (or open an issue if
 # it's missing above).
 #mkdir ${HOME}/.config/RogueLegacyStorageContainer
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
index a03a6caa0..35ff14e88 100644
--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -24,8 +24,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.tin
 mkfile ${HOME}/.newsrc
 # Note: files/directories directly in ${HOME} can't be whitelisted, as
-#       tin saves .newsrc by renaming a temporary file, which is not possible for
+# tin saves .newsrc by renaming a temporary file, which is not possible for
-#       bind-mounted files.
+# bind-mounted files.
 #whitelist ${HOME}/.newsrc
 #whitelist ${HOME}/.tin
 #include whitelist-common.inc